Educause Security Discussion mailing list archives

Re: smtp redirection


From: Chris Edwards <chris () ENG GLA AC UK>
Date: Wed, 11 May 2005 13:31:39 +0100

John wrote:

| We are redirecting smtp traffic inbound to some campus mail servers via MX
| records in our DNS to an anti-spam appliance (Bluecat Meridius) and find
| some email circumvents the appliance apparently by using DNS IP lookup for
| host resolution and not using MX records to send mail to mail servers on our
| campus. The vendor recommends blocking inbound port 25 to the campus mail
| servers from the internet. I favor this approach.

Yup.  Some spamware tools are distributed with hard-coded numeric IP
addresses, so expect your internal server IPs to receive direct connect
attempts from spammers for many years to come...

| However the mail folks are concerned that some legitimate email may be
| dropped this way.

No - only spam / virus emails will come this way.

( unless you forget to MX something that receives mail for some reason -
  e.g. legit mail sent to the name of a machine, not the domain etc.
  Solution is to make sure *everything* is MX'd )



John later wrote:

| I am very pleased to hear of the success when redirecting ALL email
| through the mailhub. I like the idea. My question now is how best to do
| this. My preferred way is to simply disallow incoming smtp to any other
| host by a router acl or a firewall rule. Is this the method you use?

Yup - this is very standard.

| Is there another way to accomplish routing ALL incoming smtp to the
| mailhub/anti-spam appliance?

Perhaps, if your network and anti-spam appliance support it.  However,
this will increase overall complexity a lot, for no benefit.


--
Chris Edwards, Glasgow University Computing Service
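
Added example, not part of the original post: a Python audit of the "make sure everything is MX'd" step, run before the inbound port 25 block goes in. It flags mail-receiving names with no MX (senders then fall back to the address record, RFC 5321 section 5.1) or with an MX that bypasses the hub; the zone data, host names and the simplified record format (no TTL field) are constructed assumptions.

```python
# All names and addresses are constructed (example.edu, 192.0.2.0/24).
MAILHUB = "mailhub.example.edu."  # assumed name of the anti-spam appliance
MAIL_NAMES = ["example.edu.", "eng.example.edu.", "physics.example.edu.", "chem.example.edu."]
ZONE = """\
$ORIGIN example.edu.
@        IN MX 10 mailhub
@        IN A     192.0.2.10
eng      IN MX 10 mailhub.example.edu.
eng      IN A     192.0.2.30
physics  IN A     192.0.2.40   ; machine name that receives mail, never MX'd
chem     IN MX 10 chem         ; MX points at the department server itself
chem     IN A     192.0.2.50
"""

def fqdn(name, origin):
    """Expand a zone-file name relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text):
    """Return ({name: set of MX targets}, set of names with an A record)."""
    origin, mx, a = ".", {}, set()
    for line in zone_text.splitlines():
        fields = [f for f in line.split(";")[0].split() if f != "IN"]
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[1] == "MX":  # name MX preference target
            mx.setdefault(fqdn(fields[0], origin), set()).add(fqdn(fields[3], origin))
        elif fields[1] == "A":
            a.add(fqdn(fields[0], origin))
    return mx, a

def audit(zone_text, mail_names, hub=MAILHUB):
    """Map each mail-receiving name to the reason its mail would bypass the hub."""
    mx, a = parse(zone_text)
    findings = {}
    for name in mail_names:
        targets = mx.get(name, set())
        if not targets and name in a:
            findings[name] = "no MX: senders fall back to the A record"
        elif targets - {hub}:
            findings[name] = "MX points away from hub: " + ", ".join(sorted(targets - {hub}))
    return findings

if __name__ == "__main__":
    print(audit(ZONE, MAIL_NAMES))
```

Any name this reports would lose legitimate mail once direct port 25 access is blocked, so it needs an MX pointing at the hub first.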
